
Department of Homeland Security 

Office of Inspector General 



Evaluation of DHS 1 Security 
Program and Practices For Its 
Intelligence Systems For Fiscal Year 2010 

Unclassified Summary 




OIG-10-112 



August 2010 



U.S. Department of 
Homeland Security 

Washington, DC 20528 

Homeland 
Security 



Office of Inspector General 
Evaluation of DHS' Security Program and Practices for Its 
Intelligence Systems for Fiscal Year 2010 
OIG-10-112 



We reviewed the Department of Homeland Security's (DHS) enterprise- wide security 
program and practices for its Top Secret/Sensitive Compartmented Information 
intelligence systems. Pursuant to the Federal Information Security Management Act of 
2002 (FISMA), we reviewed the department's security management, implementation, and 
evaluation of its intelligence activities, including its policies, procedures, and system 
security controls for enterprise-wide intelligence systems. In doing so, we assessed the 
department's Plan of Action and Milestones, certification and accreditation, privacy, and 
incident reporting processes, as well as its security training and awareness program. 

The department continues to maintain an effective enterprise- wide information security 
management program for its intelligence systems. Overall, DHS has developed 
information security procedures and implemented effective security controls on its 
intelligence systems. Nonetheless, management oversight and operational issues remain 
regarding the effectiveness of the program. Concerns with system Certification and 
Accreditation documentation and the implementation of a formal information system 
security training and awareness program for intelligence personnel still exist. Further, 
because the Intelligence and Analysis Office is now responsible for the U.S. Coast Guard 
intelligence systems reporting, the office should continue to provide management 
oversight to ensure that the U.S. Coast Guard maintains an effective information 
technology security program and complies with FISMA and DHS requirements. 
Fieldwork was conducted from April through June 2010. 
(OIG-10-112, August 2010, IT) 
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OIG HOTLINE 

To report alleged fraud, waste, abuse or mismanagement, or any other kind of criminal or noncriminal 
misconduct relative to department programs or operations: 

• Call our Hotline at 1-800-323-8603; 

• Fax the complaint directly to us at (202) 254-4292; 

• Email us at DHSOIGHOTLINE@dhs.gov; or 

• Write to us at: 

DHS Office of Inspector General/MAIL STOP 2600, 
Attention: Office of Investigations - Hotline, 
245 Murray Drive, SW, Building 410, 
Washington, DC 20528. 



The OIG seeks to protect the identity of each writer and caller. 



